Security

last person joined: 2 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass VIP issues

  • 1.  Clearpass VIP issues

    Posted Feb 18, 2020 10:16 AM

    I am running Clearpass in HA these two devices are on the same subnet and are both VMs.  The issue that I am having is that the subscriber keeps taking the VIP IP address.  I will reboot the subscriber and the publisher will grab the IP like its supposed to.  Once the Subscriber comes back up within 3-5 mins it takes over again.  I have had to adjust my VIP and leave the subscriber off so I can get everything working right.  Any suggestions would be appreciated



  • 2.  RE: Clearpass VIP issues

    Posted Feb 18, 2020 11:31 AM

    How are your Virtual IP settings setup in Clearpass?

    In your case, you want to make sure that your Primary node is set to your publisher, and your secondary node is set to the subscriber. It sounds like you have those backwards



  • 3.  RE: Clearpass VIP issues

    Posted Feb 18, 2020 11:34 AM

    Thanks for the reply back.  So the way I have VIP set up is

     

    Publisher=Clearpass1

    Subscriber=Clearpass2

     

    So in the VIP settings I have

    Primary Node= Clearpass1

    Secondary node= Clearpass2



  • 4.  RE: Clearpass VIP issues

    Posted Feb 19, 2020 04:16 AM

    With that setting the VIP should be at ClearPass1, if both nodes are up and available.

     

    Do you see something related to the VIP and failovers in the Event Viewer?

     

    Could it be that you have another 'high availability' system that uses VRRP on the same VLAN which may be using the same VRID? Like routers, or firewalls, or other ClearPass servers?